Information Security, Ethical Hacking, website Security, Database Security, IT Audit and Compliance, Security news, Programming, Linux and Security.
Wednesday, 8 April 2015
Illegal downloading: Australia internet firms must supply data
An Australian court has ordered internet service providers (ISPs) to hand over details of customers accused of illegally downloading a US movie.
In a landmark move, the Federal Court told six firms to divulge names and addresses of those who downloaded The Dallas Buyers Club.
The case was lodged by the US company that owns the rights to the 2013 movie.
The court said the data could only be used to secure "compensation for the infringements" of copyright.
In the case, which was heard in February, the applicants said they had identified 4,726 unique IP addresses from which their film was shared online using BitTorrent, a peer-to-peer file sharing network. They said this had been done without their permission.
Once they received the names of account holders, the company would then have to prove copyright infringement had taken place.
The judgment comes amidst a crackdown by the Australian government on internet piracy.
Australians are among the world's most regular illegal downloaders of digital content. The delay in release dates for new films and TV shows, and higher prices in Australia for digital content, have prompted many Australians to find surreptitious ways to watch new shows.
Deterrent
The ISPs involved in the case, including Australia's second-largest provider iiNet, said releasing customer information would be a breach of privacy and lead to what is known in the US as "speculative invoicing".
This is where account holders are threatened with court cases that could result in large damages unless smaller settlement fees are paid.
The ISPs argued also that the monetary claims which the US company, Dallas Buyers Club LLC, had against each infringer were so small "that it was plain that no such case could or would be maintained by the applicants".
But Justice Nye Perram ruled that the customer information could be released on condition it was only used to recover compensation for copyright infringement.
"I will also impose a condition on the applicants that they are to submit to me a draft of any letter they propose to send to account holders associated with the IP addresses which have been identified," he ruled.
Justice Perram said the ruling was also important for deterring illegal downloading.
"It is not beyond the realm of possibilities that damages of a sufficient size might be awarded under this provision in an appropriately serious case in a bid to deter people from the file-sharing of films," he said.
The case came to court after Dallas Buyers Club LLC contacted iiNet and other ISPs, asking them to divulge customer details without a court order. The ISPs refused.
The ISPs have yet to say if they will appeal against the court ruling.
Professor of Law at the University of Technology, Sydney, Michael Fraser said it was an important judgement for ISPs and customers.
"If this [judgement] is upheld then the days of anonymous pirating may be over," Prof Fraser told ABC TV.
Report: U.S. officials say Russians hacked White House computer system
White House officials believe hackers who gained access to their computer network may be the same ones who broke into the State Department’s system, CNN reported.
The White House has been hacked and investigators think they know how, according to unnamed officials in a CNN report. In November, hackers are said to have breached the U.S. State Department’s unclassified email system. A month later, “suspicious cyber activity” was noticed on a White House computer network, Reuters said. Now it appears as though these same hackers used the State Department cyber intrusion—which has been ongoing despite the department’s best efforts to block and wipe it—as a beachhead to gain entry into the White House’s computer systems.
White House deputy national security advisor—and Fortune 40 under 40 alum—Ben Rhodes told Wolf Blitzer on “The Situation Room” that the White House has separate networks: one classified, one unclassified. Hackers appear only to have breached the unclassified one, CNN reported. As Rhodes told Blitzer:
Well, Wolf, first of all I’m not going to get into details about our cyber security efforts. What I can say though, Wolf, is, as you said, we were public about the fact that we were dealing with cyber intrusions and the State Department was public about that, but the fact of the matter is that we have different systems here at the White House, so we have an unclassified system and then we have a classified system, a top-secret system. That is where the sensitive national security information is—the classified information is—that was a secure system. So we do not believe that our classified systems were compromised.
According to CNN, unnamed White House officials blamed the White House breach on Russian hackers. “One official says the Russian hackers have ‘owned’ the State Department system for months and it is not clear the hackers have been fully eradicated from the system,” CNN reported. After assessing the malware used by the attackers and their methods, the officials seem to believe that the White House breach is in some way linked to Moscow.
I will tell you, Wolf, as a general matter we are constantly updating our security precautions on our unclassified systems. But frankly, we’re also told to act as if we need to not put information that is sensitive on that system. So, in other words, if you’re going to do something that’s classified you have to do it on one email system, on one phone system, and frankly you have to act as if information could be compromised if it’s not on the classified system.
In the fall, U.S. director of national intelligence James Clapper told an audience at the University of Texas in Austin that Russia posed a bigger cyber threat than China.
The intrusion likely resulted, as many cyber breaches do, from an employee clicking on a malicious link or attachment in a so-called phishing email. That’s how investigators believe the hackers accessed the State Department’s systems, according to the Wall Street Journal. It’s also how they believe the hackers infiltrated the White House systems—this time, under the guise of a hijacked State Department email account, CNN said.
Though the White House has downplayed the severity of its breach since the fall, CNN noted that the hackers would have gained access to President Barack Obama’s private itinerary—an undeniably irresistible target for foreign spies.
Data possibly exposed for more than 364K Auburn University students
Auburn University is notifying more than 364,000 current, former and prospective students – as well as applicants who never enrolled in or attended the university – that their personal information was inadvertently accessible via the internet.
How many victims? 364,012.
What type of personal information? The information varied depending on the individual, but included names, addresses, dates of birth, Social Security numbers, email addresses and academic information.
What happened? The personal information of current, former and prospective Auburn University students – as well as applicants who never enrolled in or attended the university – was inadvertently accessible via the internet.
What was the response? Auburn University secured its system and launched an investigation, which is ongoing. The university is conducting a review of its data storage practices and policies. All potentially impacted individuals are being notified, and offered two free years of credit monitoring and identity protection services, as well as lifetime access to fraud resolution services.
Details: Auburn University became aware of the issue on March 2. The information was accessible via the internet between September 2014 and March 2. Auburn University is unaware of any attempted or actual misuse of any personal information as a result of the incident.
Quote: “The exposure resulted from configuration issues with a new device installed to replace a broken server,” according to a notification posted to the Auburn University website.
Source: ocm.auburn.edu, “Data Security Incident Information,” April 3, 2015; ocm.auburn.edu, “Frequently Asked Questions,” April 3, 2015.
Hackers leak messages between the Kremlin and France’s far-right National Front
French media site Mediapart has reported that hackers have leaked thousands of texts and emails sent between the Kremlin and the French far-right party, the National Front.
According to French newspaper Le Monde, the hackers posted the messages on their website and many of the texts discuss Marine Le Pen, the leader of the National Front, and her support for the annexation of the Crimean peninsula, which occurred in March 2014.
The exchanges are between ‘Timur Prokopenko,’ who the hackers identify as a Kremlin official and Kostya, a man they describe as a “Russian connection” who has access to Le Pen.
The men discuss finding out if Le Pen will back Russia in Crimea by becoming “an observer” of the annexation. According to Le Monde, one message from Prokopenko reads “We really need her, I said to the boss you could arrange this with her”, in reference to Le Pen’s support of the internationally unrecognised referendum held before Russia annexed Crimea. Kostya then gives assurances that the National Front “will officially take a position on the Crimea”.
The head of the National Front’s list in Ile-de-France constituency, Aymeric Chauprade, was an observer at the Crimea referendum last March, although the party denied allegations that he had attended as the foreign policy advisor. Speaking of his decision to attend, Chauprade told Russian News Channel RT: “I think the referendum is legitimate. We are talking about long-term history. We are talking about the Russian people, about the territories of the former USSR.”
In February this year, Le Pen gave an interview to the Polish weekly Do Rzeczy in which she said that France should recognise Crimea as part of Russia.
In December she revealed that her party had received a €9m loan from Russian-owned First Czech-Russian Bank, leading to reports that Putin was purposefully bankrolling radical European parties in order to destabilise Europe. However, Le Pen argued that French banks had turned down the National Front for a loan and so they had accepted one from Russia instead.
Le Pen visited Moscow several times last year and met with deputy prime minister Dmitry Rogozin and other Kremlin officials to discuss policy issues.
Islamist hackers seize control of Defra's air-quality website
Group calling itself Moroccan Islamic Union-Mail posts picture of Saddam Hussein and criticises Britain for its role in invasion of Iraq
Islamist hackers seized control of the government’s official air-quality website to post a message criticising Britain for its role in the invasion of Iraq in 2003.
Visitors on Tuesday morning to the UK-Air website, part of the Department for Food, the Environment and Rural Affairs, were greeted with a black background with a large portrait of the former Iraqi dictator Saddam Hussein.
Beneath it a message in broken English read: “It’s time to remind the British government what you did with Saddam Hussein will not forget. And we are ready to sacrifice with everything, as not to give up Iraq and stay alert for the coming…”
Twitter users noticed the hack, claimed by a group calling itself the Moroccan Islamic Union-Mail, as early as 7am. By 8am the message had been removed and replaced with a holding page. Moroccan Islamic Union-Mail appears to style itself as an Islamist version of the Anonymous hacking group.
A Defra press officer told the Guardian that the department was “aware” of the hack but could provide no further details at that time.
The hacked page included a link to an Arabic-language Facebook page for the Moroccan Islamic Union-Mail. A banner picture on the page showed eight masked men posing in T-shirts bearing the acronym MIUM. A link on the page led to a webpage hosting an Anonymous-style montage video made of news reports on the hackers’ exploits.
On the news feed, the group claimed responsibility for a separate hack of Zambia’s state website, as well as posting anti-Israel messages and comments on Middle East politics.
The Anti-Defamation League, which documents and counters racism, has previously accused MIUM of hacking on behalf of the Islamic State terrorist group. MIUM hackers have targeted Jewish websites in the US during the recent conflict between Israel and Gaza, the ADL said in a blogpost, before turning their attention to US military-linked websites in response to the American-led air campaign against Isis which began in December.
British forces are also involved in the campaign against Isis militants in Iraq. The backbone of the terror group is formed of Sunni Islamists, but elements of Saddam’s Baathist regime – which was backed by Iraq’s Sunni minority – are also said to support the insurgency.
The UK was part of the US-led coalition that invaded Iraq in 2003, toppling Saddam after nearly 24 years in power. The UK’s role in the Iraq war has previously been cited as a justification for terrorist attacks and threats against British nationals.
Mention of the Defra hack was first made on Twitter by Jim McQuaid at 7.05am. The UK-Air home page usually publishes pollution forecasts for the coming days and data on the latest pollution levels. Normal service had been restored to the UK-Air site by 8.24am.
FBI to WordPress users: patch now before ISIL defaces you
The United States Federal Bureau of Investigation (FBI) has issued a warning to WordPress users: hurry up and patch your content management system before your web site is defaced by ISIL sympathisers.
The Bureau has issued a notice titled "ISIL defacements exploiting WordPress vulnerabilities" in which it warns that "Continuous Web site defacements are being perpetrated by individuals sympathetic to the Islamic State in the Levant (ISIL) a.k.a. Islamic State of Iraq and al-Shams (ISIS)."
"The defacements have affected Web site operations and the communication platforms of news organizations, commercial entities, religious institutions, federal/state/local governments, foreign governments, and a variety of other domestic and international Web sites," the notice says. "Although the defacements demonstrate low-level hacking sophistication, they are disruptive and often costly in terms of lost business revenue and expenditures on technical services to repair infected computer systems."
The good news is that the Bureau thinks the perps are not ISIL members, but sympathisers. It nonetheless advises WordPress users to get their heads around security and patch plugins ASAP.
It's sound advice: Sucuri researcher Alexandre Montpas is warning of a persistent cross-site scripting vulnerability in the WordPress Super Cache plugin that allows up to a million sites to be hijacked.
Montpas says the bug affects versions below 1.4.3, which have been downloaded more than a million times according to WordPress statistics.
Montpas says attackers could have malcode executed if administrators peered into the plugin's listing page.
"Using this vulnerability, an attacker using a carefully crafted query could insert malicious scripts to the plugin’s cached file listing page," Montpas says.
"As this page requires a valid nonce in order to be displayed, a successful exploitation would require the site’s administrator to have a look at that particular section, manually.
"When executed, the injected scripts could be used to perform a lot of other things like adding a new administrator account to the site, and injecting backdoors by using WordPress theme edition tools."
The since-patched bug resides in the displaying of data within WP-Super-Cache's cache file key that picks the cache file to be loaded.
It is the latest in a laundry list of WordPress plugin vulnerabilities to be disclosed recently.
The problem with un-patched plugins, as distinct from the WordPress platform itself,
WordPress hacking is a favourite pastime of lazy hackers and exploit kit-slingers who seek to achieve maximum carnage for minimum effort.
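To act on the patching advice above, the following added example (not code from the FBI notice, Sucuri or the plugin's authors) audits a WordPress plugins directory for a WP Super Cache install older than the fixed version 1.4.3 named in the article. It relies on the standard WordPress plugin header comment (`Plugin Name:` / `Version:`); the function names and the sample tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Plugin directory slug -> first fixed version. The single entry comes from
# the article; extend the table with versions from other advisories.
FIXED_IN = {"wp-super-cache": "1.4.3"}

# WordPress reads plugin metadata from "Key: value" lines in a header comment.
HEADER_RE = re.compile(
    r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.I | re.M
)


def parse_version(text):
    """Turn '1.4.2' or '1.4.3-beta' into a tuple of ints; () if unparsable."""
    parts = []
    for piece in text.strip().split("."):
        match = re.match(r"\d+", piece)
        if not match:
            break
        parts.append(int(match.group()))
    return tuple(parts)


def is_older(installed, fixed):
    """True if installed < fixed, padding so that 1.4 compares as 1.4.0."""
    a, b = parse_version(installed), parse_version(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))


def read_plugin_header(php_file):
    """Return header fields if the file carries a plugin header, else None."""
    head = php_file.read_bytes()[:8192].decode("utf-8", errors="replace")
    fields = {key.lower(): value.strip() for key, value in HEADER_RE.findall(head)}
    return fields if "plugin name" in fields else None


def audit_plugins(plugins_dir, fixed_in=FIXED_IN):
    """List (slug, installed_version, fixed_version) for plugins needing a patch.

    A tracked plugin whose version cannot be determined is reported too, so
    the check fails closed.
    """
    findings = []
    for plugin_dir in sorted(p for p in Path(plugins_dir).iterdir() if p.is_dir()):
        fixed = fixed_in.get(plugin_dir.name)
        if fixed is None:
            continue  # not covered by an advisory in the table
        installed = None
        for php_file in sorted(plugin_dir.glob("*.php")):
            header = read_plugin_header(php_file)
            if header:
                installed = header.get("version")
                break
        if not installed or not parse_version(installed) or is_older(installed, fixed):
            findings.append((plugin_dir.name, installed, fixed))
    return findings


def build_sample_tree(root, version):
    """Create a constructed wp-content/plugins layout for the demo."""
    root = Path(root)
    for slug, main_file, name, ver in [
        ("wp-super-cache", "wp-cache.php", "WP Super Cache", version),
        ("sample-untracked", "sample.php", "Sample Untracked", "0.1"),
    ]:
        (root / slug).mkdir(parents=True)
        (root / slug / main_file).write_text(
            "<?php\n/*\nPlugin Name: %s\nVersion: %s\n*/\n" % (name, ver)
        )
    return root


if __name__ == "__main__":
    for sample_version in ("1.4.2", "1.4.3"):
        tree = build_sample_tree(Path(tempfile.mkdtemp()) / "plugins", sample_version)
        print(sample_version, "->", audit_plugins(tree) or "up to date")
```

Point `audit_plugins` at a site's real `wp-content/plugins` directory to run the same check against an installation.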
Google Ads go NUCLEAR, foist exploit kit
Security bod Maarten van Dantzig says a large number of Google ads sold through Bulgarian reseller EngageLab have been pointing users to the dangerous Nuclear exploit kit.
The Fox-IT binary basher found the campaign, which may at the time of writing have been subject to the Choc Factory's boot, could result in a "very large" number of attacks.
Victims could be compromised over Adobe Flash, Java, and Microsoft's lonely orphan Silverlight.
Nuclear exploit kit redirection was first observed overnight targeting Fox-IT customers, van Dantzig says.
"The Fox-IT SOC (security operations centre) has detected a relatively large amount of infections and infection attempts from this exploit kit among our customers [and] we suspect that this malvertising campaign will be of a very large scale," van Dantzig says.
"Though we have not received any official confirmation, we are currently no longer observing malicious redirects from the advertisement reseller."
Van Dantzig reported the command and control server and three others foisting the exploit kit to Google.
He recommends users block access to '85.143.217.196', deploy an advertisement blocker and update (or uninstall) Flash, Java, or Silverlight.
A MILLION Chrome users' data was sent to ONE dodgy IP address
A team of security researchers have found malware in a popular Chrome extension which may have sent the browsing data of over 1.2m users to a single IP address.
Martin Zetterlund, one of ScrapeSentry's founders, told The Register that the extension's malicious functions would have been difficult to recognise through an automated auditing service because the sneaky developer had ensured this functionality is not downloaded until seven days after being installed.
ScrapeSentry analysed the dodgy Chrome extension last week and submitted its findings to Google.
The offending malware, Webpage Screenshot, was removed from the Chrome Extension web store on Tuesday. The extension apparently allowed users to capture screenshots and save them for later editing.
In a canned statement Zetterlund said: "We recently identified an unusual pattern of traffic to one of our client’s sites which alerted our investigators that something was very wrong."
He added: "Everything downloaded from the internet needs to be treated with suspicion, it's a good idea to look what others have to say about programs and extensions first if you don't have the knowledge to pick them apart yourself."
Cristian Mariolini, the ScrapeSentry analyst who headed up the team that found the rogue extension, noted: “The repercussions of this could be major for the individuals who have downloaded the extension. What happens to the personal data and the motives for wanting it sent to the US server is anyone’s guess, but ScrapeSentry would take an educated guess it’s not going to be good news."
"And of course, if it’s not stopped, the plug-in may, at any given time, be updated with new malicious functionality as well. We would hope Google will look into this security breach with some urgency," he added.
A spokesman for Webpage Screenshot told the BeeB there was nothing malicious about the data it gathered. Instead, said the company man, it was used to understand who the extension's users were and where they were located to help drive development of the code.
Users could opt out of sharing data, he said.